|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-10-22 | |
| Rule Name: | Seeyon OA Background Form Imports Arbitrary File Write Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Seeyon OA collaborative management platform is a collaborative management software for medium-sized and large enterprises. There is an arbitrary file writing vulnerability in Seeyon OA background form import, which allows attackers to upload malicious files to the server, which may lead to remote code execution, website tampering or other forms of attacks, seriously threatening system and data security. The vulnerability affects Seeyon OA V5/G6 V8.1-V9.0SP1 series. | |
| Impact: | An attacker can write arbitrary files by constructing a specially crafted request, thus realizing unauthorized arbitrary file upload, which can eventually cause remote code execution. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81&id=178 |
|
| Solutions |
|---|
| Go to Seeyon service to download security patches: https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81&id=178 |